def _parse_credential(self, data):
credential = Credential()
for row in data:
credential.id = row["id"]
credential.ukey = row["ukey"]
credential.credential_id = row["credential_id"]
credential.display_name = row["display_name"]
credential.pub_key = row["pub_key"]
credential.sign_count = row["sign_count"]
credential.username = row["username"]
credential.rp_id = row["rp_id"]
credential.icon_url = row["icon_url"]
return credential
def makeUsers(numUsers, maxCredentialsPerUser, priority):
Users = {}
for u in range(numUsers):
memberId = memberid = randomId(4)
Users[memberId] = []
for un in range(1): #range(randint(0,maxCredentialsPerUser)):
start = now - timedelta(days=randint(0, 12))
end = now + timedelta(days=randint(0, 36))
c = Credential(facility="frontdoor",
memberid=memberId,
credential=randomId(9),
type="fob",
effective=start,
expiration=end,
tag=str(uuid4()),
priority=priority)
session.add(c)
Users[memberId].append(c)
session.commit()
return Users
def create_credential(repo):
credential = Credential(repository_id=repo.id,
private_key=PRIVATE_KEY,
public_key=PUBLIC_KEY)
credential.save()
return credential
expiration=end,
tag=str(uuid4()),
priority=priority)
session.add(c)
Users[memberId].append(c)
session.commit()
return Users
members = makeUsers(35, 8, 4)
cfob = Credential(facility="frontdoor",
memberid="3870",
credential="16294934",
type="fob",
effective=now - timedelta(days=5),
expiration=now + timedelta(days=360),
tag=str(uuid4()),
priority=4)
ccode = Credential(facility="frontdoor",
memberid="1337",
credential="4455661",
type="passcode",
effective=now - timedelta(days=5),
expiration=now + timedelta(days=360),
tag=str(uuid4()),
priority=4)
session.add(cfob)
session.add(ccode)
session.commit()
def add_creds():
cred = Credential(name='empty')
cred.put()
def verify_credential_info():
'''
This url is called to verify and register the token
'''
challenge = session['challenge']
username = session['register_username']
display_name = session['register_display_name']
ukey = session['register_ukey']
user_exists = database.user_exists(username)
if not user_exists or not current_user.is_authenticated or not username == current_user.id:
return make_response(jsonify({'fail': 'User not logged in.'}), 401)
registration_response = request.form
trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
TRUST_ANCHOR_DIR)
trusted_attestation_cert_required = True
self_attestation_permitted = True
none_attestation_permitted = True
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
credential_id_exists = database.credential_exists(
webauthn_credential.credential_id)
if credential_id_exists:
return make_response(
jsonify({'fail': 'Credential ID already exists.'}), 401)
existing_user = database.user_exists(username)
credential = Credential()
if not existing_user or True:
if sys.version_info >= (3, 0):
webauthn_credential.credential_id = str(
webauthn_credential.credential_id, "utf-8")
webauthn_credential.public_key = str(
webauthn_credential.public_key, "utf-8")
credential.id = randint(1, 100000)
credential.ukey = ukey
credential.username = username
credential.display_name = display_name
credential.pub_key = webauthn_credential.public_key
credential.credential_id = webauthn_credential.credential_id
credential.sign_count = webauthn_credential.sign_count
credential.rp_id = RP_ID
credential.icon_url = 'https://example.com'
database.save_credential(credential)
database.turn_on(credential.username)
else:
return make_response(jsonify({'fail': 'User already exists.'}), 401)
satosa_request = Request()
satosa_request.userId = credential.username
database.make_success(satosa_request)
user = database.get_user(credential.username)
login_user(user)
return jsonify({'success': 'User successfully registered.'})
